CVE-2024-21821

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX3000 versions TP-Link Archer AX5400 versions TP-Link Archer AXE75 versions

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

Recommendations For TP-Link Archer AX3000, consider restricting access to the LAN port and Wi-Fi to minimize the risk of exploitation until a patch is available. For TP-Link Archer AX5400, restrict access to the LAN port and Wi-Fi to minimize the risk of exploitation until a patch is available. For TP-Link Archer AXE75, restrict access to the LAN port and Wi-Fi to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.